On Cyber Trick-or-T(h)reats

October 30, 2013 - 06:27 PM

Author:

Dr. David A. Bray

Chief Information Officer

Last week, I started a public conversation on the importance of communication[2]. This week I want to discuss another side of digital communication: the spread of viruses, malware, and advanced persistent threats on the internet. The timing of National Cybersecurity Awareness Month[3] with Halloween is appropriate, because sometimes when engaging in professional or personal communications on the internet, we also run the risk of cyber tricks-or-threats.

Cyber tricks-or-threats can come from visiting sites that do “drive by” infections, opening malicious file attachments, or downloading supposedly “free” software that compromises our computer’s security. Don’t forget that in the mobile broadband age, the threats you normally associate with your home or office computer can easily be found on your mobile device: the same cautionary principles apply. For those of us who use the internet to engage in public and personal transactions, it is a quality assurance concern that our digital communications on the public infrastructure be kept both secure and private.

I also would like to recommend three actions we each can do annually – akin to checking our “cyber smoke detectors” – on our computers:

(1) Make sure your computer’s anti-virus software is installed, working, and has the ability to automatically update itself. This will present a good first-line defense against “drive by” infections or infectious files. Also make sure your operating system is running the latest software updates. When performing the updates, an annual backup of your most important files to electronic media or a secure storage location also makes sense.

(2) Change the password for your email and other important online accounts (bank, credit card statements, etc.) at least once a year, if not more often, and strive for a “strong” password[7] that includes a mixture of letters, numbers, and symbols. If the option for two-factor authentication is available for your online accounts, for example, sending a one-time passcode to mobile device or email, definitely consider activating it for your most sensitive data. If you have a wireless network at home, you may also want to create and use a new “strong” password.

(3) Monitor your credit reports and social media settings regarding what personal information can and cannot be shared about you. Cybersecurity is part of a larger umbrella that includes the protection of information about you, including your private information. Everyone in the U.S. can get an annual free credit report[8] which will help you know if someone has stolen your identity or opened fraudulent accounts in your name. If you are on a social media site, you should review at least annually, if not more often, the “Personal Settings” regarding what information can and cannot be shared by that site with the public and third-parties. The decision is you how much of your information you want to share vs. keep private.

By doing these three things at least once a year, we all can practice good cyber-hygiene and avoid cyber trick-or-threats on the internet. We welcome other thoughts and ideas at @fcc_cio[9] or in the comments below.